
Infected with System Restore and Google re-directs

I tried following this guide and after completing step 5, I am still unable to update Malware Bytes, so I'm now creating a topic here as requested. My start menu is absolutely cleared, I have no shortcuts on my desktop and my wallpaper is black. System restore keeps trying to pop-up asking to scan, which I cancel, and a ton of pop-ups saying things like "failed to save all components of \\system32\\[file]" come up. Also I'm getting Google redirects from the search bar in my Firefox browser.


Hello and welcome. Please follow these guidelines while we work on your PC:

Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!

Please do not run any scans or install/uninstall any applications without being directed to do so.

Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

P2P - I see you have P2P software (FrostWire & Vuze) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to malware infections. Please see this post for more information. I recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. If you choose to keep these applications, please do not use them until our fixes at TSF are complete.

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link.

Double click on ComboFix.exe & follow the prompts.

If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!

When finished, it will produce a report for you.

Please include the following in your next post:

ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may

Please do this next: Open Notepad. Go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above DDS::

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

Click the Update tab

Click Check for Updates

If an update is found, it will download and install the latest version.

The program will close to update and reopen.

Once the program has loaded, select "Perform Full Scan", then click Scan.

The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Uncheck any entries from C:\System Volume Information or C:\Qoobox

Make sure that everything else is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:

ComboFix log

MBAM log


I did the first step (everything regarding ComboFix) correctly. The log is posted below.

However, I could not get Malwarebytes to update. I clicked the update tab, clicked check for updates. A pop-up said "connecting to malwarebytes.org" for about two seconds, before an error pop-up arose. I received the error code: 732 (0,0). My current database version is 3510 (date: 1/7/2010).

Open Notepad. Go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above http://

I'm getting a blue screen crash each time (more than 6) I run MBAM. It doesn't happen right away (more than 30 minutes after I start the scan). So I don't have any log... any help would be appreciated.

Do you happen to notice what exactly MBAM is doing when it BSODs? Other than that problem, how is your computer running now? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Java can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. If it does not, let me know.

Once the install is complete...

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

On the General tab, under Temporary Internet Files, click the Settings button.

Next, click on the Delete Files button

There are two options in the window to clear the cache - Leave BOTH Checked

Applications and Applets

Trace and Log Files

Click OK on Delete Temporary Files Window

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

My computer's running better now. Not getting any pop-ups at startup and haven't seen anything from System Restore for a while. Icons are back on my desktop, I can re-add icons to the bar directly to the right of my start button and in the start menu.

I'm posting this without my ESET log because there have been two occasions where I've tried to run it, and it has crashed, like MBAM. Like MBAM, I'm not sure what it's doing when it BSODs, but I do notice that as I run these programs, everything becomes VERY slow. Thus, when I'm scanning I close everything else and let it work -- which obviously isn't enough. I can post a BSOD log if that will help anything. Thankfully, unlike MBAM, ESET resumes the scan where it left off before the crash. I'll have the ESET log to you whenever it completes.

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
